[ISN] Linux Security Week, October 2nd 2000
From: newsletter-admins@linuxsecurity.com
Date: Mon Oct 02 2000 - 08:58:47 CDT
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  October 2, 2000                            Volume 1, Number 22     |
|                                                                     |
|  Editorial Team:  Dave Wreski            dave@linuxsecurity.com     |
|                   Benjamin Thomas         ben@linuxsecurity.com     |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security
headlines.
This week, warnings of DoS attacks, Carnivore, and the RSA algorithm
continue to be in the news. Recently, top security executives met to
discuss the latest requirements and technologies to provide early warnings
and better preparation for DoS attacks. A Chicago-based R&D group has
been asked to execute a technical evaluation of the Carnivore surveillance
system.
Following CERT's warnings of widespread attacks on servers, Red Hat
has now chosen to release automatic package update software. The goal
of this action is to provide an easier and more efficient way for
administrators to maintain the security of a Linux system.
Webmasters, our advisory and news feed is now available in RDF
format. We invite you to use and customize our feed to provide
up-to-date security content on your website.
http://www.linuxsecurity.com/linuxsecurity_articles.rdf
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf
Our sponsor this week is WebTrends. Their Security Analyzer has the
most vulnerability tests available for Red Hat & VA Linux. It uses
advanced agent-based technology, enabling you to scan your Linux
servers from your Windows NT/2000 console and protect them against
potential threats. Now with over 1,000 tests available.
http://www.webtrends.com/redirect/linuxsecurity1.htm
HTML Version available:
http://www.linuxsecurity.com/newsletter.html
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+
* SSH Techniques
September 27th, 2000
We've already seen one of the primary uses of ssh: it allows you to
open up a terminal session to a remote system. By using "ssh" instead
of telnet or rsh, you get the same ability to type commands on remote
systems, but your sessions are encrypted to protect them from prying
eyes. What else does ssh offer? Let's start with the security
features in the program and move on to some of the practical uses of
the tool.
http://www.linuxsecurity.com/articles/cryptography_article-1647.html
+------------------------+
| Network Security News: |
+------------------------+
* Another Linux vulnerability appears
September 29th, 2000
Linux firms have plugged flaws from last week, but a new 'GLIBC' hole
has manifested itself. The flaws in some Linux programs that have
let crackers infiltrate hundreds of servers in past weeks have been
plugged in updated Linux distributions, but another vulnerability
appears to have made it into at least one of the latest versions.
http://www.linuxsecurity.com/articles/hackscracks_article-1663.html
* Surfing Between the Flags: Security on the Web
September 28th, 2000
This paper examines internet security with respect to the WWW. A
number of WWW security issues are presented in three areas: server,
client and communication between server and client. Practical
precautions and solutions are suggested regarding these issues.
Guidelines for protecting host systems are discussed.
http://www.linuxsecurity.com/articles/server_security_article-1658.html
* Linux Viruses: Scanner Placement
September 27th, 2000
A virus scanner doesn't do you any good if it's not somewhere along
the path the virus takes to get into your network, onto your machine,
and then executed. When deploying antivirus software, there are a
number of factors to consider.
http://www.linuxsecurity.com/articles/host_security_article-1646.html
+------------------------+
| Cryptography News: |
+------------------------+
* AES ANNOUNCEMENT: Monday, October 2, 2000
September 29th, 2000
It appears the winner of the new encryption standard to replace DES
will be announced on Monday. "The National Institute of Standards and
Technology (NIST) has been working with industry and the
cryptographic community to develop an Advanced Encryption Standard
(AES). The overall goal is to develop a Federal Information
Processing Standard (FIPS) that specifies an encryption algorithm(s)
capable of protecting sensitive government information well into the
next century."
http://www.linuxsecurity.com/articles/cryptography_article-1665.html
* New Linux-Crypto Mailing List
September 27th, 2000
A new mailing list, dedicated to all Linux Crypto topics, has just
opened. It is linux-crypto@nl.linux.org. Thanks go to all at
nl.linux.org for allowing me to host this mailing list using their
majordomo, esp. to Rik van Riel.
http://www.linuxsecurity.com/articles/cryptography_article-1644.html
* Quantum crypto secrets from Japan
September 27th, 2000
Mitsubishi and Hokkaido University have completed the latest round of
experiments in quantum cryptography over optical fibres. The two
organisations say that their quantum cryptographic system is a
success, and could have important implications for optical fibre
networks already in use.
http://www.linuxsecurity.com/articles/cryptography_article-1653.html
+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+
* Red Hat Plans Automated Security Updates
September 30th, 2000
Linux vendor Red Hat is to automatically update its Linux systems
with the latest security patches. The move follows a warning by
security advisory firm CERT of widespread attacks on Internet servers
which exploit security vulnerabilities for which fixes are readily
available. A large number of hosts, many of them running Red Hat
Linux, have been affected, according to CERT.
http://www.linuxsecurity.com/articles/vendors_products_article-1668.html
* PentaSafe Security Technologies Ships Security Software With Red
Hat Linux Application CD Version 7
September 29th, 2000
PentaSafe Security Technologies, Inc., a leading developer of
enterprise IT auditing and security software, today announced that it
is shipping its 10 Point Security Check Up Report for Linux on Red
Hat's Linux Application CD which ships with Red Hat Professional
Server Version 7.
http://www.linuxsecurity.com/articles/vendors_products_article-1666.html
* FreeBSD 4.1.1-RELEASE
September 28th, 2000
Since 4.1-RELEASE was produced in August 2000, RSA released their
code into the public domain and a number of other security
enhancements were made possible through the FreeBSD project's
permission to export cryptographic code from the United States.
http://www.linuxsecurity.com/articles/vendors_products_article-1657.html
* Cool Tool of the Week -- cryptcat
September 27th, 2000
Cryptcat is the standard netcat enhanced with twofish encryption.
Cryptcat allows you to pipe data from one host to another using
encryption. "Netcat is a simple Unix utility which reads and writes
data across network connections, using TCP or UDP protocol."
http://www.linuxsecurity.com/articles/cryptography_article-1649.html
* SmoothWall Linux 0.9.4
September 26th, 2000
SmoothWall Linux 0.9.4 is a recent addition to the family of Linux
distributions and one with an interesting lineage. The base system
files are a stripped-down version of those found in VA-Linux 6.2.1,
which in turn was derived from Red Hat Linux 6.2. What is more
interesting than its lineage is this distro's purpose in life: to
function as, and only as, a firewall to the Internet.
http://www.linuxsecurity.com/articles/vendors_products_article-1639.html
+------------------------+
| General News: |
+------------------------+
* Mitnick to IT managers: 'Everybody is suspect'
September 29th, 2000
Infamous hacker Kevin Mitnick warned IT managers Wednesday that
unless they educate every employee -- from the CEO to the
receptionist -- about how hackers work and how to bolster security,
corporate networks and Web sites will never be safe from attack.
http://www.linuxsecurity.com/articles/hackscracks_article-1662.html
* Industry retaliates against DoS attacks
September 28th, 2000
Last night, top computer security executives discussed the latest
requirements and technologies to provide early warnings of, mitigate
the impact of, reduce production outages and system breakdowns from,
and promote industry-wide communications regarding Denial of Service
attacks through the Internet.
http://www.linuxsecurity.com/articles/network_security_article-1659.html
* Research team to review FBI's Carnivore
September 27th, 2000
The Justice Department on Tuesday tapped IIT Research Institute, a
Chicago-based nonprofit contract research and development group, to
carry out a technical review of its controversial "Carnivore" e-mail
surveillance system.
http://www.linuxsecurity.com/articles/privacy_article-1650.html
* Security: The neverending story
September 25th, 2000
It's been said time and again, that if you're doing business online,
then you're competing internationally - in effect, you have become a
global company. Companies are realising that e-business security is
a global issue, and they have to think global as well. The next
person to probe your company's network might well be a hacker in
Russia or the competitor down the road -- but they both want the same
thing: to get in.
http://www.linuxsecurity.com/articles/general_article-1629.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".